bgpd: Add neighbor X send-community extended rpki command
By default, iBGP and eBGP-OAD peers exchange the RPKI extended community.

Add a command to disable sending RPKI extended community if needed.

Signed-off-by: Donatas Abraitis <[email protected]>
ton31337 committed Feb 7, 2024
1 parent f6463da commit 4d7975e
Showing 6 changed files with 70 additions and 18 deletions.
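--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -2670,16 +2670,20 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi,
 * defined as non-transitive in [RFC8097], can be advertised to
 * peers in the same OAD.
 */
-if (peer->sort == BGP_PEER_IBGP || peer->sub_sort == BGP_PEER_EBGP_OAD) {
+if ((peer->sort == BGP_PEER_IBGP ||
+peer->sub_sort == BGP_PEER_EBGP_OAD) &&
+peergroup_af_flag_check(peer, afi, safi,
+PEER_FLAG_SEND_EXT_COMMUNITY_RPKI)) {
 enum rpki_states rpki_state = RPKI_NOT_BEING_USED;
 
 rpki_state = hook_call(bgp_rpki_prefix_status, peer, attr, p);
 
 if (rpki_state != RPKI_NOT_BEING_USED)
-bgp_attr_set_ecommunity(
-attr, ecommunity_add_origin_validation_state(
-rpki_state,
-bgp_attr_get_ecommunity(attr)));
+bgp_attr_set_ecommunity(attr,
+ecommunity_add_origin_validation_state(
+rpki_state,
+bgp_attr_get_ecommunity(
+attr)));
 }
 
 /*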
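Review bot: The added `peergroup_af_flag_check(peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY_RPKI)` term in the `if` condition looks inverted. The same call in bgp_config_write_peer_af() is what triggers writing the `no neighbor ... send-community extended rpki` line, and peer_new() places this flag in `af_flags_invert`, so a true result appears to mean that sending was disabled (the helper's body is only partly visible on this page, so this is inferred). As written, the origin validation state would be attached only for peers configured with the `no` form and withheld from default peers and unmodified peer-group members, the opposite of what the commit message describes. Testing the effective flag instead, `peer_af_flag_check(peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY_RPKI)`, would match the stated default. subgroup_announce_check() starts and ends outside the hunk.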
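--- a/bgpd/bgp_updgrp.h
+++ b/bgpd/bgp_updgrp.h
@@ -40,17 +40,16 @@
 (PEER_FLAG_LOCAL_AS_NO_PREPEND | PEER_FLAG_LOCAL_AS_REPLACE_AS)
 
 #define PEER_UPDGRP_AF_FLAGS \
-(PEER_FLAG_SEND_COMMUNITY | PEER_FLAG_SEND_EXT_COMMUNITY \
-| PEER_FLAG_SEND_LARGE_COMMUNITY \
-| PEER_FLAG_DEFAULT_ORIGINATE | PEER_FLAG_REFLECTOR_CLIENT \
-| PEER_FLAG_RSERVER_CLIENT | PEER_FLAG_NEXTHOP_SELF \
-| PEER_FLAG_NEXTHOP_UNCHANGED | PEER_FLAG_FORCE_NEXTHOP_SELF \
-| PEER_FLAG_AS_PATH_UNCHANGED | PEER_FLAG_MED_UNCHANGED \
-| PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED | PEER_FLAG_REMOVE_PRIVATE_AS \
-| PEER_FLAG_REMOVE_PRIVATE_AS_ALL \
-| PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE \
-| PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE \
-| PEER_FLAG_AS_OVERRIDE)
+(PEER_FLAG_SEND_COMMUNITY | PEER_FLAG_SEND_EXT_COMMUNITY | \
+PEER_FLAG_SEND_EXT_COMMUNITY_RPKI | PEER_FLAG_SEND_LARGE_COMMUNITY | \
+PEER_FLAG_DEFAULT_ORIGINATE | PEER_FLAG_REFLECTOR_CLIENT | \
+PEER_FLAG_RSERVER_CLIENT | PEER_FLAG_NEXTHOP_SELF | \
+PEER_FLAG_NEXTHOP_UNCHANGED | PEER_FLAG_FORCE_NEXTHOP_SELF | \
+PEER_FLAG_AS_PATH_UNCHANGED | PEER_FLAG_MED_UNCHANGED | \
+PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED | PEER_FLAG_REMOVE_PRIVATE_AS | \
+PEER_FLAG_REMOVE_PRIVATE_AS_ALL | \
+PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE | \
+PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE | PEER_FLAG_AS_OVERRIDE)
 
 #define PEER_UPDGRP_CAP_FLAGS (PEER_CAP_AS4_RCV)
 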
45 changes: 43 additions & 2 deletions bgpd/bgp_vty.c
@@ -6473,6 +6473,32 @@ ALIAS_HIDDEN(
"Send Standard Community attributes\n"
"Send Large Community attributes\n")

DEFPY (neighbor_ecommunity_rpki,
neighbor_ecommunity_rpki_cmd,
"[no$no] neighbor <A.B.C.D|X:X::X:X|WORD>$neighbor send-community extended rpki",
NO_STR
NEIGHBOR_STR
NEIGHBOR_ADDR_STR2
"Send Community attribute to this neighbor\n"
"Send Extended Community attributes\n"
"Send RPKI Extended Community attributes\n")
{
struct peer *peer;
afi_t afi = bgp_node_afi(vty);
safi_t safi = bgp_node_safi(vty);

peer = peer_and_group_lookup_vty(vty, neighbor);
if (!peer)
return CMD_WARNING_CONFIG_FAILED;

if (no)
return peer_af_flag_unset_vty(vty, neighbor, afi, safi,
PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
else
return peer_af_flag_set_vty(vty, neighbor, afi, safi,
PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
}

/* neighbor soft-reconfig. */
DEFUN (neighbor_soft_reconfiguration,
neighbor_soft_reconfiguration_cmd,
@@ -17665,8 +17691,8 @@ bool peergroup_flag_check(struct peer *peer, uint64_t flag)
return !!CHECK_FLAG(peer->flags_override, flag);
}

static bool peergroup_af_flag_check(struct peer *peer, afi_t afi, safi_t safi,
uint64_t flag)
bool peergroup_af_flag_check(struct peer *peer, afi_t afi, safi_t safi,
uint64_t flag)
{
if (!peer_group_active(peer)) {
if (CHECK_FLAG(peer->af_flags_invert[afi][safi], flag))
@@ -18442,6 +18468,12 @@ static void bgp_config_write_peer_af(struct vty *vty, struct bgp *bgp,
if (flag_slcomm)
vty_out(vty, " no neighbor %s send-community large\n",
addr);

if (peergroup_af_flag_check(peer, afi, safi,
PEER_FLAG_SEND_EXT_COMMUNITY_RPKI))
vty_out(vty,
" no neighbor %s send-community extended rpki\n",
addr);
}

/* Default information */
@@ -20327,6 +20359,15 @@ void bgp_vty_init(void)
install_element(BGP_VPNV6_NODE, &neighbor_send_community_type_cmd);
install_element(BGP_VPNV6_NODE, &no_neighbor_send_community_cmd);
install_element(BGP_VPNV6_NODE, &no_neighbor_send_community_type_cmd);
install_element(BGP_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_IPV4_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_IPV4M_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_IPV4L_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_IPV6_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_IPV6M_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_IPV6L_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_VPNV4_NODE, &neighbor_ecommunity_rpki_cmd);
install_element(BGP_VPNV6_NODE, &neighbor_ecommunity_rpki_cmd);

/* "neighbor route-reflector" commands.*/
install_element(BGP_NODE, &neighbor_route_reflector_client_hidden_cmd);
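Review bot: In the bgp_config_write_peer_af() hunk, the new `no neighbor %s send-community extended rpki` write sits inside the block that closes immediately after it, next to the per-type `send-community large` line. That block opens outside the hunk; if it is a branch that is skipped for some combination of the other send-community flags, a peer configured with the RPKI `no` form would lose that line from the written configuration and resume sending the validation state after a reload. Moving the `if (peergroup_af_flag_check(peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY_RPKI))` check below the closing brace would make it independent of the other three flags. Separately, in neighbor_ecommunity_rpki the local `peer` is used only for the NULL check while the set/unset helpers are handed the `neighbor` string again, so the lookup is probably redundant.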
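--- a/bgpd/bgp_vty.h
+++ b/bgpd/bgp_vty.h
@@ -171,5 +171,7 @@ extern int bgp_show_summary_vty(struct vty *vty, const char *name, afi_t afi,
 safi_t safi, const char *neighbor, int as_type,
 as_t as, uint16_t show_flags);
 extern bool peergroup_flag_check(struct peer *peer, uint64_t flag);
+extern bool peergroup_af_flag_check(struct peer *peer, afi_t afi, safi_t safi,
+uint64_t flag);
 
 #endif /* _QUAGGA_BGP_VTY_H */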
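Review bot: The prototype exported here has no comment saying what a true result means, and the name alone does not tell a caller in another file. In bgp_vty.c the config writer emits the `no neighbor ... send-community extended rpki` line when it returns true, so it seems to report that the peer's setting differs from its default or peer-group value rather than that the flag is set (the function body is mostly outside the visible hunks). I would add above the declaration: `/* True when the peer's per-AF flag differs from its default or peer-group setting; not a test of whether the flag is set. */`.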
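--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -1512,13 +1512,17 @@ struct peer *peer_new(struct bgp *bgp)
 SET_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_COMMUNITY);
 SET_FLAG(peer->af_flags[afi][safi],
 PEER_FLAG_SEND_EXT_COMMUNITY);
+SET_FLAG(peer->af_flags[afi][safi],
+PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
 SET_FLAG(peer->af_flags[afi][safi],
 PEER_FLAG_SEND_LARGE_COMMUNITY);
 
 SET_FLAG(peer->af_flags_invert[afi][safi],
 PEER_FLAG_SEND_COMMUNITY);
 SET_FLAG(peer->af_flags_invert[afi][safi],
 PEER_FLAG_SEND_EXT_COMMUNITY);
+SET_FLAG(peer->af_flags_invert[afi][safi],
+PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
 SET_FLAG(peer->af_flags_invert[afi][safi],
 PEER_FLAG_SEND_LARGE_COMMUNITY);
 peer->addpath_type[afi][safi] = BGP_ADDPATH_NONE;
@@ -4608,6 +4612,7 @@ static const struct peer_flag_action peer_af_flag_action_list[] = {
 {PEER_FLAG_DISABLE_ADDPATH_RX, 0, peer_change_none},
 {PEER_FLAG_SOO, 0, peer_change_reset},
 {PEER_FLAG_ACCEPT_OWN, 0, peer_change_reset},
+{PEER_FLAG_SEND_EXT_COMMUNITY_RPKI, 1, peer_change_reset_out},
 {0, 0, 0}};
 
 /* Proper action set. */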
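--- a/bgpd/bgpd.h
+++ b/bgpd/bgpd.h
@@ -1527,6 +1527,7 @@ struct peer {
 #define PEER_FLAG_MAX_PREFIX_FORCE (1ULL << 26)
 #define PEER_FLAG_DISABLE_ADDPATH_RX (1ULL << 27)
 #define PEER_FLAG_SOO (1ULL << 28)
+#define PEER_FLAG_SEND_EXT_COMMUNITY_RPKI (1ULL << 29)
 #define PEER_FLAG_ACCEPT_OWN (1ULL << 63)
 
 enum bgp_addpath_strat addpath_type[AFI_MAX][SAFI_MAX];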
